Fedoraproject Fedora vulnerabilities

CVE-2022-38533 [MEDIUM] CWE-787 CVE-2022-38533: In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when c In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

CVE-2021-3669 [MEDIUM] CWE-400 CVE-2021-3669: A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

CVE-2021-3574 [LOW] CWE-401 CVE-2021-3574: A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert c A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.

CVE-2021-3929 [HIGH] CVE-2021-3929: A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, result

CVE-2022-2982 [HIGH] CWE-416 CVE-2022-2982: Use After Free in GitHub repository vim/vim prior to 9.0.0260. Use After Free in GitHub repository vim/vim prior to 9.0.0260.

CVE-2022-22728 [HIGH] CWE-120 CVE-2022-22728: A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

CVE-2021-3979 [MEDIUM] CWE-327 CVE-2021-3979: A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key l A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

CVE-2022-2980 [MEDIUM] CWE-476 CVE-2022-2980: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.

CVE-2021-35937 [MEDIUM] CVE-2021-35937: A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to by A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-35938 [MEDIUM] CWE-59 CVE-2021-35938: A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credenti A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data

CVE-2022-32793 [HIGH] CWE-787 CVE-2022-32793: Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixe Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

CVE-2022-32893 [HIGH] CWE-787 CVE-2022-32893: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE-2021-4217 [LOW] CWE-476 CVE-2021-4217: A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, whi A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2022-2946 [HIGH] CWE-416 CVE-2022-2946: Use After Free in GitHub repository vim/vim prior to 9.0.0246. Use After Free in GitHub repository vim/vim prior to 9.0.0246.

CVE-2021-23177 [HIGH] CWE-59 CVE-2021-23177: An improper link resolution flaw while extracting an archive can lead to changing the access control An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain mor

CVE-2021-3905 [HIGH] CWE-401 CVE-2021-3905: A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attac A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

CVE-2021-28861 [HIGH] CWE-601 CVE-2021-28861: Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protec Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It

CVE-2022-31676 [HIGH] CWE-269 CVE-2022-31676: VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A mali VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

CVE-2022-2938 [HIGH] CWE-416 CVE-2022-2938: A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the featu A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.

CVE-2021-3839 [HIGH] CWE-125 CVE-2021-3839: A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not valida A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.